Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/657c59-e3b9-404f-afab-e1efcf2ed0a7/1/Z7UyGu5eAyy6eE2IZXWBPwAGCsY.roa
File:                     Z7UyGu5eAyy6eE2IZXWBPwAGCsY.roa (raw, json)
Hash identifier:          69ViYIsd0St7iG615BWi/I8unIJ08lLoNoGfAWMd13A=
Subject key identifier:   67:B5:32:1A:EE:5E:03:2C:BA:78:4D:88:65:75:81:3F:00:06:0A:C6
Certificate issuer:       /CN=8407f0063ee9af31d87cfe65b9bc193eb42c8969
Certificate serial:       019423D784C816FFA95F0ED7CEEB32E94412
Authority key identifier: 84:07:F0:06:3E:E9:AF:31:D8:7C:FE:65:B9:BC:19:3E:B4:2C:89:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hAfwBj7przHYfP5lubwZPrQsiWk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/657c59-e3b9-404f-afab-e1efcf2ed0a7/1/Z7UyGu5eAyy6eE2IZXWBPwAGCsY.roa
Signing time:             Wed 01 Jan 2025 21:48:34 +0000
ROA not before:           Wed 01 Jan 2025 21:48:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29684
IP address blocks:        91.223.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/657c59-e3b9-404f-afab-e1efcf2ed0a7/1/hAfwBj7przHYfP5lubwZPrQsiWk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/657c59-e3b9-404f-afab-e1efcf2ed0a7/1/hAfwBj7przHYfP5lubwZPrQsiWk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hAfwBj7przHYfP5lubwZPrQsiWk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:84:c8:16:ff:a9:5f:0e:d7:ce:eb:32:e9:44:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8407f0063ee9af31d87cfe65b9bc193eb42c8969
        Validity
            Not Before: Jan  1 21:48:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=67b5321aee5e032cba784d886575813f00060ac6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:01:b5:28:00:74:04:be:80:74:2a:59:b6:ed:
                    98:d4:8e:56:88:b2:98:5e:7c:7e:12:c6:c0:d1:03:
                    7c:b6:1f:5b:cb:9b:4b:68:e8:d7:99:ed:03:72:2f:
                    af:d0:11:62:44:e5:6f:e2:f4:24:9d:3d:e9:a2:07:
                    da:67:30:7e:d8:ad:96:2b:67:66:13:f4:93:41:4b:
                    fc:6f:28:f8:46:6f:ea:11:ae:ec:0f:7e:40:a7:e3:
                    36:bd:34:6a:51:01:0b:b3:31:e9:36:14:1a:cf:94:
                    22:07:38:5b:67:c3:1f:88:bf:ae:5a:4a:8e:9a:51:
                    46:db:33:9d:df:a9:e2:44:7e:bd:45:59:2e:31:2f:
                    7e:06:e7:71:5d:8b:8a:2f:37:41:c7:60:5c:a7:f3:
                    b7:14:23:6b:8c:05:88:6a:73:38:7a:1b:97:a7:3f:
                    05:3a:79:05:53:bb:17:33:9b:82:86:df:5f:81:2a:
                    69:c1:a9:11:80:f8:32:47:95:bb:93:3e:63:c3:a5:
                    dc:49:59:99:00:6f:93:06:ed:2f:51:62:14:1e:b0:
                    5e:39:14:d8:01:27:b7:35:59:2b:1e:ea:5a:b6:11:
                    35:f9:ab:84:4c:f0:2a:c7:07:cd:be:9e:ac:56:cb:
                    02:d4:55:bc:25:25:d9:67:f2:44:f2:b1:81:fe:53:
                    c5:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:B5:32:1A:EE:5E:03:2C:BA:78:4D:88:65:75:81:3F:00:06:0A:C6
            X509v3 Authority Key Identifier:
                keyid:84:07:F0:06:3E:E9:AF:31:D8:7C:FE:65:B9:BC:19:3E:B4:2C:89:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hAfwBj7przHYfP5lubwZPrQsiWk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/657c59-e3b9-404f-afab-e1efcf2ed0a7/1/Z7UyGu5eAyy6eE2IZXWBPwAGCsY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/657c59-e3b9-404f-afab-e1efcf2ed0a7/1/hAfwBj7przHYfP5lubwZPrQsiWk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:1c:50:87:65:95:fe:ec:02:3a:d0:80:a9:b0:a7:0e:ca:f4:
         3c:2a:ae:7d:2f:d6:ac:8c:5e:f5:c7:ef:21:d8:1d:5e:bd:f9:
         11:61:48:c9:a7:49:8c:a2:a9:7a:f7:81:4f:84:ec:61:1b:72:
         77:00:91:b2:ca:81:7d:00:34:dd:a7:b8:09:b3:fa:3d:55:0c:
         e4:73:b1:cc:eb:95:0c:aa:7e:5e:cc:47:ba:91:fe:5e:27:fa:
         59:12:bf:76:c2:29:b4:17:19:38:71:72:88:99:32:7c:59:0e:
         a8:a8:2f:5a:2d:38:24:07:5b:51:e8:58:4c:34:f7:df:e4:f4:
         27:6a:58:91:17:6b:25:bd:bb:6e:e6:dc:45:f6:7b:b3:7b:3e:
         ad:6a:fb:22:14:8a:00:b3:a0:cb:24:5c:7b:49:8b:54:58:d7:
         e6:c5:e1:e8:1a:ce:69:b8:9e:08:d7:a2:cd:de:43:bd:f0:f1:
         ba:a8:b5:f8:ba:21:cf:ce:48:87:6b:c4:80:86:6d:e2:a7:d2:
         32:17:be:d0:87:a4:7c:b0:9c:f8:59:cd:23:fa:39:d2:55:93:
         3e:17:bb:14:56:e6:62:f3:e7:fb:60:cb:ed:3e:37:0e:ab:79:
         54:19:d3:0b:cb:9e:c2:18:53:3b:39:93:8d:a0:0f:b3:b5:dc:
         ed:81:88:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj14TIFv+pXw7Xzusy6UQSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0MDdmMDA2M2VlOWFmMzFkODdjZmU2NWI5YmMxOTNlYjQy
Yzg5NjkwHhcNMjUwMTAxMjE0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2I1MzIxYWVlNWUwMzJjYmE3ODRkODg2NTc1ODEzZjAwMDYwYWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtwG1KAB0BL6AdCpZtu2Y1I5WiLKY
Xnx+EsbA0QN8th9by5tLaOjXme0Dci+v0BFiROVv4vQknT3pogfaZzB+2K2WK2dm
E/STQUv8byj4Rm/qEa7sD35Ap+M2vTRqUQELszHpNhQaz5QiBzhbZ8MfiL+uWkqO
mlFG2zOd36niRH69RVkuMS9+BudxXYuKLzdBx2Bcp/O3FCNrjAWIanM4ehuXpz8F
OnkFU7sXM5uCht9fgSppwakRgPgyR5W7kz5jw6XcSVmZAG+TBu0vUWIUHrBeORTY
ASe3NVkrHupathE1+auETPAqxwfNvp6sVssC1FW8JSXZZ/JE8rGB/lPFZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGe1MhruXgMsunhNiGV1gT8ABgrGMB8GA1UdIwQY
MBaAFIQH8AY+6a8x2Hz+Zbm8GT60LIlpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEFmd0JqN3ByekhZZlA1bHVid1pQclFzaVdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS82NTdjNTktZTNiOS00MDRmLWFmYWIt
ZTFlZmNmMmVkMGE3LzEvWjdVeUd1NWVBeXk2ZUUySVpYV0JQd0FHQ3NZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS82NTdjNTktZTNiOS00MDRmLWFmYWItZTFlZmNmMmVkMGE3
LzEvaEFmd0JqN3ByekhZZlA1bHVid1pQclFzaVdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9/SMA0G
CSqGSIb3DQEBCwUAA4IBAQAIHFCHZZX+7AI60ICpsKcOyvQ8Kq59L9asjF71x+8h
2B1evfkRYUjJp0mMoql694FPhOxhG3J3AJGyyoF9ADTdp7gJs/o9VQzkc7HM65UM
qn5ezEe6kf5eJ/pZEr92wim0Fxk4cXKImTJ8WQ6oqC9aLTgkB1tR6FhMNPff5PQn
aliRF2slvbtu5txF9nuzez6tavsiFIoAs6DLJFx7SYtUWNfmxeHoGs5puJ4I16LN
3kO98PG6qLX4uiHPzkiHa8SAhm3ip9IyF77Qh6R8sJz4Wc0j+jnSVZM+F7sUVuZi
8+f7YMvtPjcOq3lUGdMLy57CGFM7OZONoA+ztdztgYhZ
-----END CERTIFICATE-----